As the Russia-Ukraine war continues, businesses are on heightened alert for cyberattacks.
Based on past events, the war between Russia and Ukraine poses threats that could have a direct impact on U.S. businesses. In light of the continuing threat, we encourage business owners and executives to reevaluate previously held assumptions for business continuity and disaster recovery plans.
In 2017, Russia targeted Ukraine with the NotPetya virus. The aftermath of this attack was felt worldwide, causing more than $10 billion in damage globally. NotPetya, a wiper attack, displayed a message telling users to reboot their systems. Once they did, the system became inaccessible and its files could not be decrypted.
Russian-sponsored actors have used sophisticated cyber capabilities to target a variety of U.S. critical infrastructure sectors, and have demonstrated the ability to compromise third-party infrastructure and third-party software and to deploy custom malware. They have also demonstrated the ability to maintain undetected, long-term access to cloud environments.
Hours before the invasion of Ukraine began on February 24th, Microsoft found a “new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure.” Russia’s history of using sophisticated cyber capabilities means additional attacks and exploitations of vulnerabilities are not only likely but imminent. Russian-sponsored actors can compromise third-party infrastructure and software, deploying custom malware that threatens systems globally.
In light of Russia’s prior attacks and current unrest, additional attacks or exploitation of vulnerabilities are at the top of our list of possible threats. For those who receive services from Xamin, we have established robust data backup and disaster recovery capabilities within our environments to minimize any potential service interruption. This includes a multi-layered security approach to reduce the risk of any single point of failure. Access and encryption controls are established to safeguard data backups, and all recovery plans are tested and updated regularly.
Because malware may be used to harm and destroy data (as opposed to extracting payment), there is a threat to organizations’ daily operations, affecting the availability of your business’s critical assets and private data. As this situation continues to develop, all organizations should assess and bolster their cybersecurity. Some immediate actions that can be taken (if you have not already) include:
- Enabling strong spam filters to prevent phishing emails from reaching end users
- Educating employees with cybersecurity awareness training
- Commissioning third-party cybersecurity assessments
- Conducting internal and external network penetration testing
- Updating and patching software
- Validating that remote access to the organization’s network and privileged or administrative access both require multi-factor authentication
- Confirming the organization's entire network is protected by antivirus/antimalware software
- Designating a crisis-response team with main points of contact for a suspected cybersecurity incident
- Selecting cybersecurity insurance
- Testing backup procedures to ensure critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack
- Ensuring backups are isolated from network connections
Now, more than ever, it’s imperative to make cybersecurity a part of your business strategy or risk the theft and loss of your data.